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REMARKS 

This application has been reviewed in light of the Final Office Action dated 
August 21, 2008 (hereinafter referred to as the "Office Action"). Upon entry of this paper and 
the amendments set forth herein, Claims 1-15 are pending in the present application. In this 
paper, Applicants present amendments to Claims 1, 8 and 15 to clarify the distinctions over the 
prior art of record. Support for these amendments may be found in the Applicants' Published 
Appl. No. 2005/0055555 at least at paragraphs [0016], [0019], and [0020]. For at least the 
reasons set forth in detail below, Applicants respectfully submit that Claims 1-15 are in condition 
for allowance. 

The 35 U.S.C. $ 103 Rejections of Claims 1-15 

In the Office Action, Claims 1, 2, 5; 8, 9, 12 and 15 stand rejected under 35 
U.S.C. §103(a) as obvious the combination of U.S. Patent No. 7,039,714 (herein referred to as 
"Blakley"), U.S. Patent Publication No. 2005/0022006 (herein referred to as "Bass"), and newly 
cited U.S. Patent Publication No. 2004/0039940 (herein referred to as "Cox"). Claims 3 and 10 
stand rejected under 35 U.S.C. §103(a) as obvious in view of the combination of Blakley, Bass, 
Cox, and U.S. Patent Publication No. 2005/0066037 (herein referred to as "Song"). Claims 4 
and 1 1 stand rejected under 35 U.S.C. § 103(a) as obvious in view of the combination of Blakley, 
Bass, Cox, and U.S. Patent Publication No. 2003/0046410 (herein referred to as "Gusler"). 
Claims 6, 7, 13, and 14 stand rejected under 35 U.S.C. § 103(a) as obvious in view of the 
combination of Blakley, Bass, Cox, and U.S. Patent Publication No. 2004/0111463 (herein 
referred to as " Amon"). 

As summarized above, each rejection set forth in the Office Action is based 
primarily on the combination of Blakley, Bass and newly cited Cox. In the 'Response to 
Arguments' section of the Office Action, the Examiner indicates that the previous rejections 

Page 5 of 9 



Appl. No. 10/721,063 
Attorney Docket No. 14846-32 

under §103 based on Blakley and Bass were withdrawn, and the new grounds of rejection 
summarized above are made in view of Cox. 

Although the Examiner notes that the Applicants' previous arguments were 
considered and found persuasive, in the present Office Action, the Examiner maintains the 
assertion that "Bass teaches an interface component to receive a connection request including an 
identifier and entitlement information (URL of application, username and password)." (Office 
Action, page 3). In support of this contention, the Examiner cites paragraphs [0028] and [0029] 
of Bass. As noted in our previous response, in Bass, the user is required to provide his or her 
login information to the SiteMinder Web agent. (Bass, paragraphs [0028] and [0029]). When 
Bass is combined with Blakley in the manner suggested in the Office Action, the user must 
provide his or her login information in two separate instances in order to access a resource - the 
first user authentication occurs according to Blakley (i.e., the 'primary logon 5 described in 
column 5, lines 1 1-18 of Blakley), and the second user authentication occurs according to Bass 
(Bass, paragraph [0028] and [0029]). 

In contrast to Blakley and Bass, Claims 1-15 as amended call for systems and 

methods wherein the user is required logon information only once - when authenticated by an 

authentication component. After authenticating the user, the authentication component acts as a 

liaison on behalf of the user and communicates the connection request to an interface 

component. (Applicants' Publication No. 2005/0055555, paragraph [0019]). In this regard, it is 

the authentication component that is authenticated by the interface component. (Applicants' 

Publication No. 2005/0055555, paragraph [0019]). Accordingly, Applicants respectfully 

maintain the position that the combination of Blakley and Bass fails to describe or teach an 

interface component configured to receive an identifier identifying the authentication component 

and entitlement information associated with the user, as called for in Claims 1-15 of the present 

application. Furthermore, the present Office Action does not contend that Cox teaches an 
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interface component configured to receive an identifier identifying the authentication component 
and entitlement information associated with the user, and, as such, Cox fails to cure the 
aforementioned deficiencies in the combined teachings of Blakley and Bass. 

In addition, Applicants submit that Cox also fails to teach or suggest an interface 
component configured to compare an identifier identifying the authentication component with an 
expected identifier associated with the authentication component. Instead, Cox describes a data 
packet filtering system (i.e., a firewall) including a host processor and an accelerator processor. 
The host processor is configured to perform the data processing tasks in parallel with the 
accelerator's processing of the IP packets. (Cox, paragraph [0031]). The host processor controls 
the operation of the accelerator processor and manages the rulesets that are applied by the 
accelerator processor during packet filtering. (Cox, paragraph [0032]). 

The paragraphs cited by the Examiner in support of the rejection of Claims 1-15 
of the present application (Cox, paragraphs [0034], [0035], [0039] and [0041]) relate to the 
structure (i.e., linear rulesets and tree rulesets) and the manner in which the pre-defined rulesets 
are applied by the accelerator processor. In one example, the accelerator processor examines a 
packet received from a user seeking access to a resource, wherein the packet includes the user's 
Source IP address. (Cox, paragraph [0039]). The accelerator processor searches a tree aileset by 
the user's Source IP address to determine the one or more rules associated with the received 
packet. (Cox, paragraph [0035]). As shown in Table 1 in paragraph [0039], the Source IP 
address is defined as the IP address of the original sender of the packet. In this regard, the 
accelerator processor and host processor of Cox are configured to allow or disallow individual 
packets of a communication sent by a user (i.e., the original sender of the packet) based on pre- 
determined rules related to the user. In contrast to Claims 1-15 of the present application, Cox 
does not compare an identifier identifying an authentication component with an expected 

identifier associated with the authentication component. 
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Moreover, in the Office Action, the Examiner incorrectly equates the ruleset in 
Cox with the 'expected identifier associated with the authentication component' of amended 
Claim 1. In Cox, packets are filtered according to rules associated with the user, without the 
involvement of an authentication component. In contrast, as called for in Claims 1-15 of the 
present application, the interface component compares the authentication component's identifier 
with an expected identifier associated with the authentication component. As provided in the 
present application, "[s]ince the sign-on component 120 will have a known IP address, 
verification of the IP address can be accomplished by simply comparing the obtained IP address 
against the known IP address of the sign-on component 120." (Applicants' Published Appl. No. 
2005/0055555, paragraph [0019]). 

Cox requires a comprehensive and robust sets of rules to determine each 
user's/packet's access rights, and fails to provide a description or teaching of an interface 
component configured to compare an identifier identifying an authentication component to an 
expected identifier associated with the authentication component , and if a match is found, 
provide entitlement information associated with the user (i.e., the originator of the connection 
request), as called for in Claims 1-15 of the present application. 

Finally, Applicants submit that Cox teaches away from a combination with 

Blakley and/or Bass. In the Office Action, the Examiner contends that a combination of Bass 

and Blakley would "allow[s] secure access of resources to an authenticated user." (Office 

Action, page 3). While this contention is refuted above, it illustrates the absence of a motivation 

to combine those references with Cox. If, as the Office Action asserts, Bass and Blakley result in 

authorized, secure access to the resources, then the packet filtering system/method of Cox would 

serve no purpose, and would be unnecessary. Put another way, having established authorized 

access to a resource according to the combination of Bass and Blakley suggested by the 

Examiner, there would be no need to conduct packet filtering according to Cox. 
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In view of the amendments and remarks set forth herein, it is clear that Blakley, 
Bass, and Cox, considered alone or in combination, fail to teach and/or describe the features 
recited in amended Claims 1, 8, and 15, and all claims dependent thereon. Furthermore, the 
Office Action fails to establish that the deficiencies in the combined teaching of Blakley, Bass, 
and Cox are overcome by the remaining references cited by the Examiner in the Office Action 
(Song, Gusler, and Amon), which do not address and/or relate to the features recited in amended 
Claims 1,8, and 15. 

In the event that any issues remain following entry of this Response, Applicants' 
attorney respectfully invites the Examiner to contact the undersigned at the telephone number 
provided below. Applicants ask that all correspondence related to this matter continue to be 
directed to our address listed below. 

Respectfully submitted, 

/Daniel D. Sierchio/ 
Daniel D. Sierchio 
Attorney for Applicants 
Registration No. 53,591 
Telephone: (973) 422-6422 

Docket Administrator 
Lowenstein Sandler PC 
65 Livingston Avenue 
Roseland, NJ 07068 
Telephone: (973) 597-2500 



Page 9 of 9 



